Hi, we're having a hard time with the new update(s) and Lua in our testing environment. Here's the error we're seeing in Audit Console; this is from opening up a single transaction:

Unknown | Lua: Script execution failed: attempt to call a nil value
Unknown | Rule processing failed.

This is happening with modsecurity 2.5.13 and modsec CRS 2.1.1 on our Debian 5 servers. Apache is configured with:

./configure --prefix=/usr/local/apache --disable-userdir --enable-rewrite --enable-so --enable-info --enable-status --enable-ssl --enable-cgi --enable-unique-id --enable-mime-magic --with-included-apr --with-pcre=/usr/bin/pcre-config --enable-deflate --enable-expires --enable-headers

modsecurity is configured with:

./configure --with-apxs=/usr/local/apache/bin/apxs --with-apr=/usr/local/apache/bin/apr-1-config

I've narrowed it down to the include in our http.conf for modsecurity_crs_41_advanced_filters.conf, which was previously working as the phpids rules. Even further, by commenting out this section at the top of the 41_advanced_filters file everything works fine:

# Lua script to normalize input payloads
# Based on PHPIDS Converter.php code
# Reference the following whitepaper -
# http://docs.google.com/Doc?id=dd7x5smw_17g9cnx2cn
#
SecRuleScript ../lua/advanced_filter_converter.lua "phase:2,t:none,pass"
SecRule TX:/centrifuge_ratio/ ".*" "phase:2,t:none,log,capture,msg:'Centrifuge Threshold Alert - Ratio Value is: %{tx.0}'"

Here are the modsecurity includes in our http.conf:

#modsecurity Rules
Include conf/modsecurity.conf
Include conf/modsecurity-crs_2.1.1/*.conf
Include conf/modsecurity-crs_2.1.1/experimental_rules/modsecurity_crs_41_advanced_filters.conf
Include conf/modsecurity-crs_2.1.1/optional_rules/modsecurity_crs_25_cc_known.conf
Include conf/modsecurity-crs_2.1.1/base_rules/*conf

With the same setup and versions of Modsecurity/Apache, CRS 2.0.10 worked perfectly. We could move forward without Lua functionally, but I'm lost as to why such a big addition would be broken from the get-go. I haven't been able to find anyone posting with a similar issue, so any help would be greatly appreciated.

Thanks,
-Chris
